A successful project will give the security community two useful programs that they can use in their day to day operations in the security field. This will also bolster OWASPs reputation for creating quality products and being dedicated to furthering application security.

A successful project will give the security community two useful programs that they can use in their day to day operations in the security field. This will also bolster OWASPs reputation for creating quality products and being dedicated to furthering application security.

Revision as of 01:41, 6 January 2007

Background and Motivation

History Behind Projects
OWASP Report Generator (ORG) and the Site Generator (SG) were both projects started by Dinis Cruz. ORG was created as a way for security individuals and teams to have a standard way to report there findings to their customers. SG was created to tackle two different issues:

A standard way to test web application security scanners

A teaching aide / way to demonstrate security issues to people

Problems to be Addressed
Currently both of these applications need some polishing. The major functions for both SG and ORG have been finished. However, there are many issues with the programs from minimal exception handling to lack of documentation. By creating documentation, cleaning up the code and adding (or finishing) the remaining features it will allow for these programs to be assets to the security community. For SG the current communication architecture relies on shared memory which limits its use to certain environments this will be changed to network based communication allowing for it to be used in more environments.

Benefit to OWASP Members and Community
OWASP members and the community will benefit by:

A program that can be used to help easily teach peers security techniques and issues

A way to do standard testing for web application security scanners

A tool that can help confirm people’s competence in security areas

Goals and Deliverables

Plan of Approach
These programs will be started right away. I will start to work on any errors that I come across with ORG while working on the todo list that can be found on the project site. For Site Generator I will be replacing the communication area first and during that time I will fix errors I find and start the documentation. After the communication area is done I will get with the project lead to figure out what else needs to be done.

Deliverables

ORG source code checked into the OWASP CVS

SG source code checked into the OWASP CVS

ORG binaries and installers

SG binaries and installers

Documentation put onto the respective project sites

Risks and Rewards

Main Risks
The biggest risk for this project is that the tasks are not defined for Site Generator so trying to figure out what tasks need to be finished needs to get scoped out.

Rewards of Successful Project
A successful project will give the security community two useful programs that they can use in their day to day operations in the security field. This will also bolster OWASPs reputation for creating quality products and being dedicated to furthering application security.